Recent Posts
Follow Us
twittergoogle_pluslinkedinrssyoutube
The Legal Stuff
BT Policyholder Protection Blog
0 0

25 Apr 2016 Scott Godes quoted in Legaltech News Article “Cyberinsurance: A Necessary Protection in the Digital Era?”

Scott Godes, partner and co-chair of the firm’s Data Security and Privacy Practice Group, was recently quoted in a Legaltech News article, “Cyberinsurance: A Necessary Protection in the Digital Era?”   Between 2005 and 2015, more than 5,000 must-report data breach incidents were tracked; and since 2002, breach notification laws have been enacted in 47 states. Given the rising number of breaches and response costs, companies are turning to cyberinsurance for remediation.   Scott is quoted numerous times within the article, including one note stating, “A data breach, and several courts have agreed, particularly when the information is put online, involves the publication of materials that violates a person’s right to privacy. And yet, notwithstanding this good case law, for policyholders, insurance companies continue to…

READ MORE
0 0

16 Mar 2016 Scott Godes Quoted in Law360: Insurance Article “Data Breach Report Shows Cyberinsurance Not A Cure-All”

  Scott Godes, partner and co-chair of the firm’s Data Security and Privacy Practice Group, was recently quoted in a Law360: Insurance article, “Data Breach Report Shows Cyberinsurance Not A Cure-All.”   The article discusses how companies are managing cyber risks and turning to cyberinsurance policies to handle data breaches.  The article highlights a recent study discussing the size and scope of common data breaches and whether cyberinsurance policies would respond to such incidents.   Scott is quoted in the article saying, “There are some policies that have a retention or deductible that can be significantly lower for the costs of forensic investigation, breach letters or crisis management than the deductible for putative class actions and dealing with regulatory investigations.”   Read the full article here….

READ MORE
0 0

27 Oct 2015 Scott Godes quoted in Law360 Article, “Privacy ‘Bill of Rights’ to Boost Demand for Breach Coverage”

Scott Godes, partner and co-chair of the firm’s Data Security and Privacy Practice Group, was recently quoted in a Law360 article, “Privacy ‘Bill of Rights’ to Boost Demand for Breach Coverage.”   The article highlights the recently introduced privacy bill of rights and changes to the regulatory environment that could change the cyberinsurance marketplace for  policyholders.   Scott is noted saying, “Cyberinsurance remains the Wild West of insurance. But with the changing regulatory environment, we’re starting to see changing prices and the market opening up and tightening up.”   Read the full article here. Scott GodesScott N. Godes is a veteran trial lawyer with experience in insurance coverage matters and technology issues. He is a partner in Barnes & Thornburg LLP’s Washington, D.C., office and…

READ MORE
0 0

08 Oct 2015 Regulation S-P Violation: Are You Prepared For A Cyber-Security Breach?

On Sept. 22, 2015, the Securities and Exchange Commission (SEC) announced the first violation by a registered investment advisor of the so-called Safeguards Rule (Regulation S-P) pertaining to the protection of personally identifiable information from cyber-attack. This is the first instance of the SEC enforcing Regulation S-P against an investment advisor.   The Regulation, broadly speaking, requires broker-dealers, investment advisers and other financial firms to protect confidential customer information from unauthorized release to unaffiliated third parties. Included in Regulation S-P is the “Safeguard Rule” (Rule 30(a)), which requires financial institutions to, among other things, adopt written policies and procedures reasonably designed to protect customer information against cyber-attacks.  This raises the question:  Are you prepared for a cyber-attack (and the attendant liability)?   In its findings,…

READ MORE
0 0

20 Aug 2015 What Insurance Should Cover Target’s Visa Settlement?

Two years later, and the Target data breach continues to make headlines.   Does anyone need to be reminded that Target suffered a data breach in 2013? Seeing that the breach continues to be litigated and settlements continue to be announced with payment card brands, it is difficult to forget the incident.   Most recently, Target announced that it had reached a settlement with Visa.[1] According to reports, Target could “pay as much as $67 million to banks that issue Visa cards.”[2] Target’s earlier $19 million settlement with MasterCard[3] ended up being scuttled; Target and MasterCard reportedly are working on another resolution.[4]   What is Target settling?   Target’s settlement with Visa likely is to resolve the alleged damages resulting from Target’s payment card breach….

READ MORE
0 0

06 Jul 2015 Scott Godes Quoted in Law360 Article, “4 Cyberinsurance Battlegrounds to Watch”

Scott Godes, partner and co-chair of the firm’s Data Security and Privacy Practice Group, was recently quoted in Law360’s article, “4 Cyberinsurance Battlegrounds to Watch.”   The article examines four key battlegrounds to watch when seeking coverage under cyberinsurance policies.  Scott was quoted multiple times about exclusions and limitations within cyberinsurance policies.  One of Scott’s quotes related to an insurance company’s recent denial of coverage based on alleged security requirements within a cyberinsurance policy.  Scott is quoted saying,   “The idea that an alleged failure to meet some security requirement would result in the exclusion of coverage should be seen as offensive. It puts a policyholder in a spot where, every time a claim is made, there is a trapdoor to coverage.”   Scott gave…

READ MORE
0 0

17 Jun 2015 Cyber Insurance is Only for Retailers, Right?

News about cybersecurity and cyberattacks has changed. It seems that cyber criminals have broadened their focus beyond just data breaches involving personally identifiable information (PII) or protected health information (PHI). Now, a significant percentage of companies worldwide reportedly are facing attacks designed to shut down their computer networks, to delete data or control their equipment. This changing focus of cyber criminals makes clear that even though retailers, healthcare organizations, and banks have received a lot of media attention in this arena, all companies need to be prepared for a cyberattack. Diligent preparation includes not only implementing safeguard measures and response plans, but should also include an evaluation of your company’s insurance program to determine if you have sufficient coverage for your company’s potential cyber risks….

READ MORE
0 0

12 May 2015 Will Your Tech E&O Insurance Cover Your Retention of Someone Else’s Electronic Data?

Court Offers Narrow Interpretation of Cyberinsurance. If you’ve been paying attention to the news or any of your social media channels, you’ve probably heard people talking about cyberinsurance and that your company needs it. You might even have been told that cyberinsurance is a panacea for all risks related to cybersecurity and data privacy. To date, there has been very little publicly available litigation about the meaning of cyberinsurance policies. One federal court changed that with a decision issued on May 11, 2015, in Travelers Property Casualty Co. of America v. Federal Recovery Services, Inc., No. 2:14-cv-170 TS, slip op. (D. Utah May 11, 2015). Unfortunately, the decision ruled against the policyholder and offered a narrow interpretation of the cyberinsurance policy involved in the dispute….

READ MORE
0 0

24 Feb 2015 Scott Godes Quoted in Business Insurance

Scott Godes, from Barnes & Thornburg’s Policyholder Insurance Recovery Group, was recently quoted in Business Insurance’s article, “Increased Cyber Losses Means More Insurance Coverage Disputes.”   The article states that companies seeking coverage for data breaches under general liability policies often have turned to the personal and advertising injury part of the forms, and disputes have centered on whether a breach constitutes a “publication” that violated a right to privacy.  Beyond disputes regarding coverage under general liability policies for cybersecurity claims, lawyers anticipate coverage litigation arising under cyberinsurance policies as well.   Many of these lawsuits are litigated off the radar, and have not drawn widespread attention.  Some might suggest that cyberinsurance carriers probably want it that way.  Scott, who has litigated the scope of…

READ MORE
0 1

09 Dec 2014 The Other Cyber Shoe Has Dropped – What Does that Mean for Your Insurance Program?

Just when you thought that it could not get worse for companies in the context of cybersecurity and privacy issues…it does. The end of 2014 has been brutal. Perhaps most significant, a court allowed banks to proceed against a retailer to pursue damages allegedly flowing from a cyberattack and data privacy incident involving payment card numbers. That same retailer disclosed hundreds of millions of dollars in losses as a result of the cyberattack a data privacy incident. Another retailer fell victim to a cyberattack and data privacy incident involving payment card numbers. Major entertainment businesses suffered cyberattacks, with one allegedly involving information about celebrities, corporate IP, and user names and passwords for social media accounts of the company. Distributed denial of service attacks (DDoS) are…

READ MORE